github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/caveatindirectarrow.yaml

github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/caveatindirectarrow.yaml (about)

     1  ---
     2  schema: |-
     3    definition user {}
     4  
     5    caveat team_is_admin(admin_teams list<string>, self string) {
     6    	self in admin_teams
     7    }
     8  
     9    definition team {
    10    	relation admin: team with team_is_admin
    11    	relation member: user
    12    	permission view = admin->member
    13    }
    14  
    15    definition resource {
    16    	relation team: team
    17    	permission can_view = team->view
    18    }
    19  relationships: |-
    20    // team definition
    21    team:A#admin@team:A[team_is_admin:{"self":"A"}]
    22    team:B#admin@team:B[team_is_admin:{"self":"B"}]
    23    team:C#admin@team:C[team_is_admin:{"self":"C"}]
    24    // team members
    25    team:A#member@user:clara
    26    // resources
    27    resource:1#team@team:B
    28    resource:2#team@team:C
    29    resource:3#team@team:C
    30    resource:4#team@team:A
    31    resource:5#team@team:B
    32    resource:6#team@team:B
    33    resource:7#team@team:C
    34  assertions:
    35    assertTrue:
    36      - 'resource:4#can_view@user:clara with {"admin_teams": ["A"]}'
    37    assertCaveated:
    38      - "resource:4#can_view@user:clara"
    39    assertFalse:
    40      - 'resource:4#can_view@user:clara with {"admin_teams": ["B"]}'
    41      - 'resource:1#can_view@user:clara with {"admin_teams": ["B"]}'